Lucene search
K

259 matches found

OSV
OSV
added 2022/04/06 12:1 a.m.26 views

GHSA-F99R-JJGR-F373 SQL injection in ImpressCMS

SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in unintended way, this allows an attacker to read and modify the sensitive information from the database used by the application. If misconfigured, an attacker can even upload a malicious web shell to...

7.2CVSS7.1AI score0.04146EPSS
Exploits4References4
Github Security Blog
Github Security Blog
added 2022/04/06 12:1 a.m.32 views

SQL injection in ImpressCMS

SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in unintended way, this allows an attacker to read and modify the sensitive information from the database used by the application. If misconfigured, an attacker can even upload a malicious web shell to...

8.5CVSS4.7AI score0.04146EPSS
Exploits4References4Affected Software1
CNVD
CNVD
added 2022/04/06 12:0 a.m.12 views

ImpressCMS SQL Injection Vulnerability (CNVD-2022-30798)

A SQL injection vulnerability exists in ImpressCMS, a database MySQL-driven, modular content management system, which can be exploited by attackers to read and modify sensitive information from the database used by the application...

8.5CVSS3.5AI score0.04146EPSS
Exploits4References1
NVD
NVD
added 2022/04/05 3:15 p.m.39 views

CVE-2022-26986

SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in unintended way, this allows an attacker to read and modify the sensitive information from the database used by the application. If misconfigured, an attacker can even upload a malicious web shell to...

8.5CVSS0.04146EPSS
Exploits4References2
ATTACKERKB
ATTACKERKB
added 2022/04/05 3:15 p.m.4 views

CVE-2022-26986

SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in unintended way, this allows an attacker to read and modify the sensitive information from the database used by the application. If misconfigured, an attacker can even upload a malicious web shell to...

8.5CVSS6.1AI score0.04146EPSS
Exploits4References3
Prion
Prion
added 2022/04/05 3:15 p.m.12 views

Sql injection

SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in unintended way, this allows an attacker to read and modify the sensitive information from the database used by the application. If misconfigured, an attacker can even upload a malicious web shell to...

8.5CVSS7.1AI score0.04146EPSS
Exploits4References2Affected Software1
OSV
OSV
added 2022/04/05 12:0 a.m.12 views

CVE-2022-26986

SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in unintended way, this allows an attacker to read and modify the sensitive information from the database used by the application. If misconfigured, an attacker can even upload a malicious web shell to...

8.5CVSS7.2AI score0.04146EPSS
Exploits4References4
CVE
CVE
added 2022/04/05 12:0 a.m.102 views

CVE-2022-26986

ImpressCMS

8.5CVSS7.1AI score0.04146EPSS
Exploits4References2Affected Software1
CNNVD
CNNVD
added 2022/04/05 12:0 a.m.24 views

ImpressCMS SQL注入漏洞

A SQL injection vulnerability exists in ImpressCMS, a database MySQL-driven, modular content management system, which can be exploited by attackers to read and modify sensitive information from the database used by the application...

8.5CVSS5.9AI score0.04146EPSS
Exploits4References5
Positive Technologies
Positive Technologies
added 2022/04/05 12:0 a.m.2 views

PT-2022-18162 · Unknown · Impresscms

Name of the Vulnerable Software and Affected Versions: ImpressCMS versions 1.4.3 and earlier Description: The issue allows remote attackers to inject code in an unintended way, enabling them to read and modify sensitive information from the database used by the application. If the system is...

8.5CVSS6.8AI score0.04146EPSS
Exploits4References9
Cvelist
Cvelist
added 2022/04/05 12:0 a.m.28 views

CVE-2022-26986

SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in unintended way, this allows an attacker to read and modify the sensitive information from the database used by the application. If misconfigured, an attacker can even upload a malicious web shell to...

7.4AI score0.04146EPSS
Exploits4References2
Exploit DB
Exploit DB
added 2022/03/30 12:0 a.m.460 views

ImpressCMS 1.4.2 - Remote Code Execution (RCE)

Exploit Title: ImpressCMS 1.4.2 - Remote Code Execution RCE Exploit Author: Egidio Romano aka EgiX Date: 30/03/2022 Version: = 1.4.2 Venor: https://www.impresscms.org CVE: CVE-2021-26599 ?php / ---------------------------------------------------------- ImpressCMS = 1.4.2 SQL Injection to Remote...

9.8CVSS6.4AI score0.19419EPSS
Exploits9
0day.today
0day.today
added 2022/03/30 12:0 a.m.303 views

ImpressCMS 1.4.2 - Remote Code Execution Exploit

Exploit Title: ImpressCMS 1.4.2 - Remote Code Execution RCE Exploit Author: Egidio Romano aka EgiX Version: = 1.4.2 Venor: https://www.impresscms.org CVE: CVE-2021-26599 ?php / ---------------------------------------------------------- ImpressCMS = 1.4.2 SQL Injection to Remote Code Execution...

9.8CVSS0.19419EPSS
Exploits9
OSV
OSV
added 2022/03/29 12:1 a.m.26 views

GHSA-JC4V-VVG6-XG78 SQL Injection in ImpressCMS

ImpressCMS before 1.4.3 allows include/findusers.php groups SQL Injection...

9.8CVSS9.6AI score0.19419EPSS
Exploits6References7
Github Security Blog
Github Security Blog
added 2022/03/29 12:1 a.m.22 views

Incorrect Access Control in ImpressCMS

ImpressCMS before 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers who are, by design, able to have a security token...

5.3CVSS5.6AI score0.10813EPSS
Exploits6References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/29 12:1 a.m.28 views

Path Traversal in ImpressCMS

ImpressCMS before 1.4.3 allows libraries/image-editor/image-edit.php imagetemp Directory Traversal...

8.1CVSS3.9AI score0.03186EPSS
Exploits3References9Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/29 12:1 a.m.33 views

Type Confusion in ImpressCMS

ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass != instead of !==...

9.8CVSS2.5AI score0.05544EPSS
Exploits3References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/29 12:1 a.m.21 views

SQL Injection in ImpressCMS

ImpressCMS before 1.4.3 allows include/findusers.php groups SQL Injection...

9.8CVSS3AI score0.19419EPSS
Exploits6References7Affected Software1
OSV
OSV
added 2022/03/29 12:1 a.m.19 views

GHSA-M8XH-CQC2-5Q6F Type Confusion in ImpressCMS

ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass != instead of !==...

9.8CVSS9.5AI score0.05544EPSS
Exploits3References7
OSV
OSV
added 2022/03/29 12:1 a.m.13 views

GHSA-48P3-XFVW-G59C Incorrect Access Control in ImpressCMS

ImpressCMS before 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers who are, by design, able to have a security token...

5.3CVSS5.5AI score0.10813EPSS
Exploits6References8
Rows per page
Query Builder